Hi Mhee, for the sake of your own sanity, please don't use Fortigate's polling mode, unless it's really necessary. There are numerous limitations compared to standalone FSSO CA design. Just from top of my head:
- NTLM is not supported
- only few events are monitored
- workstation check is not implemented
- has performance limitations

There are many success stories with standalone FSSO CA, while so few with Fortigate FSSO polling, if you know what I mean. Should I position Fortigate's polling mode in usage, I would mention extra-small designs and demonstration purposes.

If you still need to troubleshoot fsso polling mode (or you are just brave and adventurous), please be sure that you have security events audit enabled on all DC servers, and configured LDAP is really reachable.

If still no success, you can also get an idea of what's wrong from your own troubleshooting, for example with debug commands:

Does everyone still agree (here in late 2018 and on 6.0.2) that fsso-polling is not the way to go in a larger environment? I have about 750 users across four domain controllers. Everything seems to be working "fair" but seems like it's not showing all of the users yet. I've only had it working for about 6 hours and only around half of the users are showing in a "diag debug fsso-polling" query.

If I go back to the collector agent, will the groups that I already have populated and pointing to the FSSO still work w/o modification? Lastly, how does the unit handle both FSSO with CA and FSSO with polling? Does it just use both? Seems like both would be hard to troubleshoot.